The Federal Bureau of Investigation (FBI) is in the final stage of its
Operation Ghost Click, which strikes against the menace of the
DNSChanger virus and trojan. Infected PCs running the DNSChanger
malware unawares are in danger of going offline this coming
Monday (July 9) when the FBI plans to pull down the online servers
that communicate with the virus on host computers.

After gaining access to a host PC, the DNSChanger virus tries to
modify the DNS (Domain Name Server) settings, which are essential for
Internet access, to send traffic to malicious servers. These poisoned
web addresses in turn point traffic generated through infected PCs to
fake or unsafe websites, most of them running online scams. There are
reports that the DNSChanger virus also acts as a trojan, allowing
perpetrators of the hack attack to gain access to infected PCs.

Google issued a general advisory for netizens in May earlier this year
to detect and remove DNSChanger from infected PCs. According to our
report, some 5 lakh PCs were still infected by the DNSChanger virus in
May 2012.

The first report of the DNSChanger virus and its affiliation with an
international group of hackers first came to light towards the end of
last year, and the FBI has been chasing them down ever since. The
group behind the DNSChanger virus is estimated to have infected close
to 4 million PCs around the world in 2011, until the FBI shut them
down in November.

In the last stage of Operation Ghost Click, the FBI plans to pull the
plug and bring down the temporary rogue DNS servers on Monday, July 9,
according to an official announcement. As a result, PCs still infected
by the DNSChanger virus will be unable to access the Internet.

How do you know if your PC has the DNSChanger virus? Don’t worry.
Google has explained the hack attack and tools to remove the malware
on its official blog. Trend Micro also has extensive step-by-step
instructions to check if your Windows PC or Mac is infected by the
virus.

All of the infected computers are in Australia
– soandos Jul 8 '12 at 18:02

There are only a few thousand infected computers remaining in the US, and if yours is one you'd almost certainly have received several notifications (which you may of course have ignored). And if you have valid antivirus installed (and, if not, why not??) then that would have caught it.
– Daniel R Hicks Jul 10 '12 at 15:03

Could you please provide an answer here; now there's an answer only for "How can I find information about how to check for DNS changer?". Then you are helping to make this site one of those many.
– Sampo Sarrala Jul 8 '12 at 13:19

@Sampo just pick one. They will all work, and if you really need a definitive answer, click on all of them; it will take no more than one minute to test it yourself.
– Matteo Jul 8 '12 at 13:58

At least it would be nice to note that this method of testing is not foolproof and may fail (maybe rare but possible) if the ISP or anyone else between you and the Internet is doing IP translation for malicious addresses.
– Sampo Sarrala Jul 8 '12 at 17:30

What are DNS Changer viruses?

DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other. For example, google.com is actually an IP address (173.194.38.164). DNS makes it easier for us to remember the site names. DNS servers convert the domain names into IP addresses.

Now the malware changes the domain naming servers in your computer and uses a different malicious DNS server. This malicious DNS server swaps IPs and takes the user to a fake site.

Now if you log in to any of your accounts on the fake site, then your login information is compromised. That's how the malware steals credit card details from the user.

The State of affairs now

The FBI have taken control of the bad DNS servers and have been running them as legitimate servers. Now they want to bring them down. If they shut down the servers, then you will not be able to browse the web. That's why you have to check your DNS servers and make sure that you do not have an infected one.

The problem with using ipconfig is that it only returns the primary DNS server, but a system can be configured to use multiple servers. Usually the primary is the one that is used (especially for popular sites which are more likely to be hacked), but the others often get used as well. You should check them all: Control Panel->Networks->NIC Properties->TCPIP Properties->Advanced->DNS. Do this for every network adapter in the system because they can each have their own list, so for example, you may only be infected when wireless or vice versa.
– Synetech Aug 23 '12 at 15:57
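Added example (not part of the original posts): one way to check every DNS server on every adapter, as the last comment advises, is to parse saved `ipconfig /all` output, where additional servers for an adapter appear on continuation lines. It assumes English-language output; `ROGUE_NETS` holds placeholder documentation ranges, not the real rogue ranges, and the sample text and function names are constructed for illustration.

```python
import ipaddress
import re

# Placeholder ranges (RFC 5737 documentation blocks), NOT the real rogue
# ranges; substitute the ranges from the official DNSChanger advisory.
ROGUE_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
# Constructed sample of `ipconfig /all` output for two adapters.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       203.0.113.9
"""

def dns_servers_by_adapter(text):
    """Return {adapter name: [every DNS server listed, not only the first]}."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):  # adapter header
            adapter, in_dns = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        first = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)\s*$", line)
        more = re.match(r"\s+(\S+)\s*$", line)  # continuation: a bare address
        if first and adapter:
            result[adapter].append(first.group(1))
            in_dns = True
        elif more and in_dns:
            result[adapter].append(more.group(1))
        else:
            in_dns = False  # any labelled or blank line ends the server list
    return result

def suspicious(text, nets=ROGUE_NETS):
    """Return [(adapter, server)] for every server inside a listed range."""
    hits = []
    for adapter, servers in dns_servers_by_adapter(text).items():
        for s in servers:
            ip = ipaddress.ip_address(s.split("%")[0])  # drop IPv6 scope id
            if any(ip.version == n.version and ip in n for n in nets):
                hits.append((adapter, s))
    return hits
```

In the constructed sample only the wireless adapter's secondary server falls in a listed range, the per-adapter, non-primary case the comment describes.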